I have a similar issue. Cisco says to use the easyVPN features of the PIX (6.2.2) and set up the concentrator end as a VPN client. I have this working partially right now. The tunnel is set up fine, but I can't access anything from the PIX side to the remote network.
I can find no documentation on any of this except for:
Which gives no setup info for the 3000 Series concentrator. I need to solve this problem as I've promised a customer that I can make this work on the equipment I recommended he buy... Hope to get some help or figure it out soon....
It seems like even though the tunnel is up, the 3005 doesn't know what network is behind the PIX....
If you figure it out, get back in touch. If anyone else has any suggestions, bring 'em on!!
Hi, just did this the other day... I used the base group in the concentrator. I had to go through all the groups in the concentrator config and clear the check boxes for the inherit from base group. I set the tunnel type to remote access on the IPSec tab, and configured default pre-shared because the PIX is acting as a VPN client. I then went into Network Lists and configured a network list that mirrored the access list on the PIX and assigned it to the split tunneling on the concentrator. The only problem with this is communication can only be initiated from the PIX to the concentrator and not the concentrator to the PIX because you're using a wildcard on the concentrator of 0.0.0.0 for the remote peer.
I got mine working too, although somewhat differently. I created a new group and set up the group just like a VPN client with remote access mode and a local network list (split tunneling). The PIX side was set to group mode "network" and that solves it all: I can access the hosts initiated from either side of the connection. My problem the other day was a stupid one: I was testing on the PIX side and wasn't allowing ICMP thru to my test host inside the PIX.
My only complaint is that the only DOC describing the EASY VPN feature setup leaves out any discussion of the VPN3000 setup. As usual, the CCO usually has the info, but it is VERY hard to find.
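The PIX side of the setup described in the posts above, as an added example that is not from any poster or from the Cisco document they mention: the PIX 6.2 Easy VPN Remote (`vpnclient`) commands. The group name, key and peer address are placeholders and must match the group configured on the concentrator.

```cisco
: Added example, placeholder values throughout.
: Group name and pre-shared key must match the remote-access group
: defined on the VPN 3000 concentrator.
vpnclient vpngroup <GROUP_NAME> password <GROUP_PRESHARED_KEY>
: Public address of the concentrator.
vpnclient server <CONCENTRATOR_PUBLIC_IP>
: Network extension mode exposes the real inside addresses of the PIX,
: so hosts behind the concentrator can initiate connections to them.
: The alternative, client-mode, hides the inside network behind PAT
: and only allows sessions initiated from the PIX side.
vpnclient mode network-extension-mode
vpnclient enable
```

Treat the group pre-shared key as a credential: anyone holding it can present themselves to the concentrator as a member of that group, so use a dedicated group for the PIX rather than one shared with software clients.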